Increasing reliance on technology makes businesses more vulnerable to risks inside and outside the organization. The resulting inter-connectivity creates a dependency maze across businesses and their business partners. For the (re)insurance industry, this supply chain web fuels severity concerns and the potential for systemic events, according to Guy Carpenter colleagues Will Garland, President, Centers of Excellence, and Erica Davis, North America Cyber Center of Excellence Leader, Guy Carpenter.
All the while, threats to businesses are becoming more advanced and difficult to detect. Emerging trends include:
- The proliferation of big data and cloud computing – confidentiality, integrity and availability of data are critical to organizational survival, whether they be nation state secrets, industrial intellectual property (IP) or personal sensitive data
- Cyber-attacks on mobile devices are increasing and are likely to become a primary phishing vector for credential attacks in 2020. As a result, dual-factor authentication will move to multi-factor authentication
- The continued use of social engineering through phishing and smishing
- An increase in the proliferation of malware and ransomware
- The increasing use of artificial intelligence
- Voice-based cybercrime, which is growing along with the explosion of voice-directed digital assistants
- Global adoption of 5G infrastructure technology
- Newer technologies like deep fake video and audio technology.
The Impact of COVID-19 on Business Models
COVID-19 has only accelerated the trajectory of the cyber exposure landscape. As companies adapted to increased working from home circumstances, changing demand for their products and interrupted supply chains, they adapted their business models and utilized new technologies. This new normal has resulted in increased potential for cyber risk events, and we have observed the following cyber risk amplifiers:
- Alternate modes of working*
- Different technology utilization
- Less familiar modes of data movement and exchange
- Rebalancing of supply chain dynamics and third party reliance
- Key personnel risk
- Management and staff distraction
- Facility access and collaboration constraints
- Ability to deal with a ‘double whammy’ crisis of COVID-19 and cyber attack
- Rogue actor motivation.
*Between February 4, 2020 and April 7, 2020 there was an estimated 70 percent increase in remote working (source: Carbon Black)
While COVID-19 hasn’t introduced new exposure to the cyber insurance industry, these amplifiers have expanded the cyber attack surface and are prompting organizations to manage risk differently. As we look toward 2021, these complexities are shifting the landscape not only for individual businesses, but also the broader risk landscape.